Re: Where is security industry gng??

[Frank Knobbe <frank () knobbe us>]

On Tue, 2004-09-14 at 08:38, Barry Fitzgerald wrote:
> The problem with IDS was always that people perceived IDS as being a 
> magic box that automatically and exclusively detects intrusions.  Anyone 
> who's ever worked with an IDS knows that that couldn't be further from 
> the truth.  However, that does not invalidate the data from the IDS.  A 
> properly tuned IDS can be very useful.

I agree, but like to stress that Intrusion Detection Systems by
themselves are worthless (as Gartner says). It's the Intrusion Detection
Analyst/Operator that is useful, and the IDS is only a tool for the IDA
to use and do his job.

So in a sense, a properly tuned Intrusion Detection Analyst can be very
useful. 

> I liken it to this physical analogy (don't you love them? :) ):

I'm not even gonna go there...  ;)

> So, where is the security industry going?  Well, who wants to buy a fire 
> suppression system? :)

Nope. The next hot thing is security insurance. Then thereafter will be
The Great Collapse after which information technology will experience
some sort of Renaissance, mainly based on concepts of free software (as
in free thought) and free of failed market manipulation.

Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part